import java.sql.*;

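public class PreJdbcTest {

    /**
     * Checks whether a user with the given name and password exists in {@code emp}.
     *
     * <p>The original implementation spliced {@code user} and {@code pwd} straight into the
     * SQL text, so a value containing a quote could change the structure of the query
     * (SQL injection). The method is kept for existing callers but now delegates to the
     * parameterized {@link #login2(MyDb, String, String)}, so both inputs are bound as data
     * and never interpreted as SQL.
     *
     * @param db   open database handle
     * @param user user name as entered; bound as a parameter, not concatenated
     * @param pwd  password as entered; bound as a parameter, not concatenated
     * @return {@code true} if the query reports a non-zero result, {@code false} otherwise
     * @deprecated use {@link #login2(MyDb, String, String)} directly
     */
    @Deprecated
    public static boolean login(MyDb db, String user, String pwd) {
        return login2(db, user, pwd);
    }

    /**
     * Checks credentials with a prepared statement: the SQL text is fixed and the two
     * values are bound to the {@code ?} placeholders, so they cannot alter the query.
     *
     * @param db   open database handle
     * @param user user name, bound to the first placeholder
     * @param pwd  password, bound to the second placeholder
     * @return {@code true} if {@code db.preExec()} returns a non-zero value
     */
    public static boolean login2(MyDb db, String user, String pwd) {
        db.preSql("select empno from emp where ename=? and  pwd=?");
        db.preSet(1, user);
        db.preSet(2, pwd);
        return db.preExec() != 0;
    }

    /**
     * Demo entry point: opens the database, attempts one login and prints the outcome.
     *
     * @param args ignored
     */
    public static void main(String[] args) {
        // NOTE(review): database credentials are hard-coded in source; a real
        // application should take them from configuration or the environment.
        MyDb db = new MyDb("company", "root", "123123");

        // try/finally so the connection is released even if the login throws.
        try {
            // SQL injection demo: the commented-out user name below would have
            // broken the concatenated query; with bound parameters it is simply
            // a user name that does not match any row.
            // if (login2(db, "wangwus ' or 1=1 -- ", "123")) {
            if (login2(db, "wangwu", "123")) {
                System.out.printf("登录成功!\n");
            } else {
                System.out.printf("登录失败!\n");
            }
        } finally {
            db.close();
        }
    }
}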
